Cyber security experts report the discovery of a remote code execution (RCE) vulnerability in Steel-Belted Radius (SBR) Carrier Edition, a device developed by Juniper Networks and used by telecom operators to manage and secure their access policies. network.
Identified as CVE-2021-0276, the vulnerability resides in SBR Carrier versions 8.4.1, 8.5.0 and 8.6.0 which use the extensible authentication protocol. The company released a security patch last Wednesday, the 14th, noting that the flaw received a score of 9.8/10 according to the Common Vulnerability Scoring System (CVSS).
The flaw has been described as a stack-based buffer overflow bug that threat operators can exploit by sending specially crafted packets to the affected platform, forcing the RADIUS server daemon to crash. A successful attack would allow triggering the RCE condition and even a denial of service (DoS) attack.
In addition to this flaw, Juniper Networks security teams have fixed a large number of bugs, releasing updates to their product lines, including some that would allow triggering DoS conditions. Another flaw, identified as CVE-2021-0277, which was described as an out-of-bounds read vulnerability and received a CVSS score of 8.8/10. The flaw resides in several versions of the Junos OS and Junos OS Evolved operating systems.
This flaw is located in the processing of LLDP frames specially created by the layer 2 control protocol daemon (l2cpd). LLDP is the protocol that network devices use to transmit their identity, resources on a local network.
If the user is unable to upgrade to a safe version, Juniper Networks notes that there are some mitigation measures. For example, users can configure a device not to load the l2cpd daemon. However, if it is disabled, some protocols will not work. A second option is to configure destination interfaces on the device to disable LLDP.O packet processing.
An additional option is to configure interfaces on the device to disable LLDP packet processing or, for most switching platforms, you can implement packet filters through a firewall to drop LLDP packets with an EtherType of 0x88cc.
Source: CisoAdvisor
